Magento has released new versions of Magento Commerce and Magento Open Source to increase product security:
Magento Commerce 22.214.171.124
Magento Open Source 126.96.36.199
SUPEE-10415 (patch for earlier Magento 1.x versions)
These releases contain multiple security changes that help close cross-site scripting and authenticated Admin user remote code execution vulnerabilities.
We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download.
More information about these security changes is available on the Magento Security Center. Full details are available in these release notes:
Magento Hosting Specialists