Magento has just released the SUPEE-10415 security patch for the following versions:

Magento Commerce 1.9.0.0-1.14.3.7 (formerly known as Enterprise Edition)

Magento Open Source 1.5.0.0-1.9.3.7 (formerly known as Community Edition)

The patch contains fixed for several security vulnerabilities including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).

You can learn more about the patch and download it here: https://magento.com/security/patches/supee-10415

As with all Magento 1 security patches, I'd strongly recommend using the Experius Patch Helper to help you identify any overridden files that will also need to be patched.