A highly critical vulnerability was made public today (SA-CORE-2018-002). This is a very serious remote code execution vulnerability within multiple subsystems of Drupal 7.x and 8.x, allowing attackers to potentially compromise the site, using multiple attack vectors.
It is highly advised to ensure immediate action and attention to this and ensuring your Drupal installation has been updated.
For further details, please see https://www.drupal.org/sa-core-2018-002