Drupal has released security advisories to address multiple vulnerabilities in Drupal Core. A remote attacker may send specially crafted HTTP requests or entice a system administrator into opening a specially crafted web page to exploit the vulnerabilities.
Please note that Drupal 8 prior to version 8.8.x has reached its End-Of-Life (EOL). No security updates will be provided after that. Users should arrange upgrading the Drupal to supported versions or migrating to other supported technology.
Depending on the vulnerability being exploited, a successful attack could lead to cross site scripting, information disclosure, or validation bypass on an affected system.
The product vendor has released patches to address the issues.
https://www.drupal.org/sa-core-2020-007
https://www.drupal.org/sa-core-2020-008
https://www.drupal.org/sa-core-2020-009
https://www.drupal.org/sa-core-2020-010
https://www.drupal.org/sa-core-2020-011
https://www.hkcert.org/my_url/en/alert/20091701
https://www.drupal.org/core/release-cycle-overview
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13666 (to CVE-2020-13670)