Multiple vulnerabilities have been detected in Drupal Core which can allow remote attackers to execute arbitrary code, access sensitive information, and cause cross-site scripting attacks on the targeted systems.
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. To correct this install the recent version of Drupal 9.
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. In order to solve that install the latest Drupal 9 versions.
Recent Drupal core security update for information disclosure was released this week. To solve this issue you need to use the updated version of Drupal 7, 8 and 9.
The Drupal security team announced on February 16th, 2022, the moderately critical information disclosure vulnerability in Drupal Core, SA-CORE-2022-004.