Bastion Codex – Weekly Defender Brief (2026-03-09)

This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.

Bastion Codex – Weekly Defender Brief

Week of 2026-03-09

Executive Snapshot

  • 1449 CVEs observed in the last 7 days
  • 154 Critical
  • 535 High
  • 2 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: 0 (from 1449 to 1449, 0.0%)
  • Critical: 0 (from 154 to 154, 0.0%)
  • High: 0 (from 535 to 535, 0.0%)
  • Medium: 0 (from 405 to 405, 0.0%)
  • Low: 0 (from 43 to 43, 0.0%)
  • Unknown: 0 (from 312 to 312, 0.0%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 154
  • High: 535
  • Medium: 405
  • Low: 43
  • Unknown: 312

Top Vendors (30 Days)

  • Broadcom: 1
  • Qualcomm: 1

Top Products (30 Days)

  • Multiple Chipsets: 1
  • VMware Aria Operations: 1

Priority Watchlist (Top 10)

  • CVE-2017-7921 | CVSS: 9.8 | KEV: True | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I
  • CVE-2021-22681 | CVSS: 9.8 | KEV: True | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix cont
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali
  • CVE-2023-43000 | CVSS: 8.8 | KEV: True | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, S
  • CVE-2026-22719 | CVSS: 8.1 | KEV: True | VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbit
  • CVE-2021-30952 | CVSS: 7.8 | KEV: True | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15
  • CVE-2023-41974 | CVSS: 7.8 | KEV: True | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to exe
  • CVE-2026-21385 | CVSS: 7.8 | KEV: True | Memory corruption while using alignments for memory allocation.
  • CVE-2021-20038 | CVSS: None | KEV: True | SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in cod
  • CVE-2020-9859 | CVSS: None | KEV: True | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel p

Generated via Bastion Codex pipeline at 2026-03-09T14:59:42.300589+00:00