Moodle 1.9.6 and Moodle 1.8.10 were recently released. Apart from a range of bug fixes and small improvements, six security vulnerabilities (1 critical, 1 major and 4 minor) have been discovered and fixed since Moodle 1.9.5. (Thanks as usual to the reporters and to Petr Skoda for his tireless and excellent work defending all our Moodle sites).
There are no reported exploits yet, and they do not affect all sites, but we still recommend that you upgrade your sites to these latest versions as soon as possible (or otherwise ensure that these issues are not active in your site). As per our usual procedure, all 45,000 admins of registered Moodle sites were already privately notified a week ago.
More details can be found in the Moodle 1.9.6 release notes and the Moodle 1.8.10 release notes.
The releases themselves are available, as always, from our downloads page or any of our CVS mirrors.
Cheers,
Martin