The Joomla! Project is pleased to announce the immediate availability of Joomla 3.3.6. This is a maintenance release addressing issues with yesterday’s 3.3.5 release. This release addresses an issue related to the core update component, one regression in the user password reset process, and adds a fallback upgrade mechanism for the update component. This release is considered a security release since it includes two resolved security issues associated with 3.3.5. A 3.2.7 release is also available for users who are still using Joomla! 3.2 which addresses the security issues and the upgrade component bug.
If you are using a version lower than 2.6.10, you should update right away.
During a routine audit done by the Sucuri firm, they found a critical vulnerability and informed the VirtueMart team.
The bug was immediately patched (in record time) and the version 2.6.10 (stable version) and 2.9.9b (in RC state) fixes this issue.
If you cannot update VirtueMart, please follow those instructions.