On 14th September 2017, Magento released a critical security patch: SUPEE-10266.
SUPEE-10266, Magento Commerce 22.214.171.124 (formerly known as Enterprise Edition) and Magento Open Source 126.96.36.199 (formerly known as Community Edition) contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorised data leak, and authenticated admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.
The release also included Magento 2 updates, versions 2.0.16 and 2.1.9, for Magento Commerce (Enterprise Edition) and Open Source (Community Edition).
The Magento 2 version updates also include support for the changes to the USPS shipping rates that the USPS introduced on September 1, 2017.
Although none of these vulnerabilities is known to have been exploited in an attack, all of them have been patched in this security update.