Several security alerts have just been released for Drupal. Several of them are critical, but they only affect you in very specific cases:
- https://www.drupal.org/sa-core-2022-015
  It only affects D9 and only if you use iframe in the media entities.
- https://www.drupal.org/sa-core-2022-014
  Arbitrary code execution in D9. It only affects you if your server uses Apache, this one is especially dangerous!!!
- https://www.drupal.org/sa-core-2022-013
  For D9. Access control to entity fields. It probably only affects you if you have custom/contrib modules that interact with forms.
- https://www.drupal.org/sa-core-2022-012
  It affects both D9 and D7. But only if you have "allow_insecure_derivatives" active in Drupal settings.
And I want to remind you that Drupal 8 is no longer supported, and that almost all Drupal 9 security alerts also apply to Drupal 8.
Therefore, you should upgrade as soon as possible to the latest version of Drupal 9, especially if you use Apache instead of Nginx.