I usually donīt alert about modules and such for Drupal and other Content Management Systems but today there are several reports for Drupal that are considered between less and highly Critical.
Drupal Secure Site Module Security Bypass Vulnerability
secunia.com/advisories/28732/
Drupal Userpoints Module Cross-Site Request Forgery Vulnerability
secunia.com/advisories/28730/
Drupal Project Issue Tracking Module File Upload and Script Insertion
secunia.com/advisories/28731/
Drupal Comment Upload Module File Upload Vulnerability
secunia.com/advisories/28729/
Drupal OpenID Module "claimed_id" Authority Spoofing
secunia.com/advisories/28717/