Magento has just released the SUPEE-10415 security patch for the following versions:
- Magento Commerce 188.8.131.52-184.108.40.206 (formerly known as Enterprise Edition)
- Magento Open Source 220.127.116.11-18.104.22.168 (formerly known as Community Edition)
The patch contains fixed for several security vulnerabilities including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).
You can learn more about the patch and download it here: https://magento.com/security/patches/supee-10415
As with all Magento 1 security patches, I'd strongly recommend using the Experius Patch Helper to help you identify any overridden files that will also need to be patched.