Magento has just released the SUPEE-10415 security patch for the following versions:
- Magento Commerce 18.104.22.168-22.214.171.124 (formerly known as Enterprise Edition)
- Magento Open Source 126.96.36.199-188.8.131.52 (formerly known as Community Edition)
The patch contains fixed for several security vulnerabilities including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).
You can learn more about the patch and download it here: https://magento.com/security/patches/supee-10415
As with all Magento 1 security patches, I'd strongly recommend using the Experius Patch Helper to help you identify any overridden files that will also need to be patched.