Multiple vulnerabilities have been discovered in the Drupal Core code that could allow a remote attacker to execute code. Drupal versions prior to 8.2.7 are vulnerable. There are no reports of these vulnerabilities being exploited now, but that will probably change soon. If you are using Drupal please update your installation as soon as possible.
More information is available here: https://www.drupal.org/SA-2017-001