The latest Drupal core vulnerability, designated, SA-CORE-2018-004 and assigned CVE-2018-7602, is related to the March SA-CORE-2018-002 flaw (CVE-2018-7600), according to the Drupal security team.

It can be exploited to take over a website's server, and allow miscreants to steal information or alter pages.

The fix is to upgrade to the most recent version of Drupal 7 or 8 core.