Bastion Codex – Weekly Defender Brief (2026-03-02)
This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.

Executive Snapshot

  • 966 CVEs observed in the last 7 days
  • 136 Critical
  • 297 High
  • 3 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: -524 (from 1490 to 966, -35.2%)
  • Critical: +23 (from 113 to 136, +20.4%)
  • High: -150 (from 447 to 297, -33.6%)
  • Medium: -214 (from 548 to 334, -39.1%)
  • Low: -10 (from 57 to 47, -17.5%)
  • Unknown: -173 (from 325 to 152, -53.2%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.

Severity Breakdown (7 Days)

  • Critical: 136
  • High: 297
  • Medium: 334
  • Low: 47
  • Unknown: 152

Top Vendors (30 Days)

  • Cisco: 1
  • Google: 1
  • Soliton Systems K.K: 1

Top Products (30 Days)

  • Catalyst SD-WAN Controller and Manager: 1
  • Chromium: 1
  • FileZen: 1

Priority Watchlist (Top 10)

  • CVE-2022-22536 | CVSS: 10.0 | KEV: True | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher
  • CVE-2024-1709 | CVSS: 10.0 | KEV: True | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, whic
  • CVE-2024-1212 | CVSS: 10.0 | KEV: True | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execut
  • CVE-2026-20127 | CVSS: 10.0 | KEV: True | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager
  • CVE-2021-38163 | CVSS: 9.9 | KEV: True | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administra
  • CVE-2025-49113 | CVSS: 9.9 | KEV: True | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a
  • CVE-2022-27518 | CVSS: 9.8 | KEV: True | Unauthenticated remote arbitrary code execution
  • CVE-2023-33009 | CVSS: 9.8 | KEV: True | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX serie
  • CVE-2023-24489 | CVSS: 9.8 | KEV: True | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthent
  • CVE-2023-6448 | CVSS: 9.8 | KEV: True | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticat

Generated via Bastion Codex pipeline at 2026-03-02T14:36:45.890741+00:00