Recently a new severe 0-day Magento vulnerability has been released by DefenceCode team in an advisory. If you are vulnerable from this, attackers are capable of remotely executing arbitrary code.
As of now the vulnerability has been confirmed for the Magento Community edition as the researcher did not test for the enterprise edition. But since both the version use same base code there is a high chance of both being vulnerable to this vulnerability which leads to complete system compromise. This complete system compromise also includes the compromise of databases containing sensitive user credit card information.