Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution.

https://blog.sucuri.net/2019/03/sql-injection-in-magento-core.html