Bastion Codex – Weekly Defender Brief (2026-04-07)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Executive Snapshot

  • 1357 CVEs observed in the last 7 days
  • 114 Critical
  • 442 High
  • 5 KEV-listed vulnerabilities in the last 30 days

Week-over-Week Movement

  • Total CVEs: +152 (from 1205 to 1357, +12.6%)
  • Critical: +17 (from 97 to 114, +17.5%)
  • High: +21 (from 421 to 442, +5.0%)
  • Medium: +28 (from 466 to 494, +6.0%)
  • Low: +11 (from 44 to 55, +25.0%)
  • Unknown: +75 (from 177 to 252, +42.4%)

Defender Takeaways

  • Critical volume is up 17.5% week over week (97 to 114). Start with external-facing assets: enumerate what is reachable from the internet and check those hosts against this week's Criticals before anything internal.
  • 5 CVEs were added to CISA KEV in the last 30 days, and every entry on the Priority Watchlist below is KEV-listed. KEV entries carry BOD 22-01 remediation due dates for federal civilian agencies; everyone else should still treat them as the front of the queue, since KEV means exploitation is confirmed in the wild regardless of the vendor's CVSS.
  • High severity rose 5.0% to 442 on top of 114 Criticals, so expect a heavier patch cycle. Work internet-exposed services first, then the rest by exposure and blast radius.
  • Unknown severity grew fastest (+42.4%, 177 to 252) and now accounts for 252 of 1357 records (18.6%). These are records with no severity score assigned in the feed, not low-risk findings; do not let a CVSS-threshold filter drop them from triage unseen.

Severity Breakdown (7 Days)

  • Critical: 114
  • High: 442
  • Medium: 494
  • Low: 55
  • Unknown: 252
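To make the ordering rules in the takeaways concrete, the following Python is an added example, not code from the Bastion Codex pipeline: it reproduces the week-over-week movement figures above and turns the takeaways into a sort order (KEV first, then internet-exposed, then CVSS) while keeping Unknown records in the queue instead of filtering them out. The CveRecord layout, the internet_exposed flag and the two EXAMPLE-* placeholder records are assumptions; the CVSS and KEV values attached to real CVE IDs are taken from the Priority Watchlist in this brief.

```python
"""Triage helpers for a weekly defender brief.

Added example, not part of the Bastion Codex pipeline. The record layout,
the internet_exposed flag and the EXAMPLE-* placeholder IDs are assumptions.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: Optional[float]   # None represents the brief's "Unknown" bucket (no score yet)
    kev: bool               # listed in CISA KEV
    internet_exposed: bool  # hypothetical flag from an asset inventory, not from the brief


def wow_movement(previous: int, current: int) -> tuple[int, float]:
    """Week-over-week delta and percent change, as in the Movement section."""
    delta = current - previous
    pct = round(100.0 * delta / previous, 1) if previous else 0.0
    return delta, pct


def severity_bucket(cvss: Optional[float]) -> str:
    """CVSS v3 qualitative rating; unscored records stay visible as Unknown."""
    if cvss is None:
        return "Unknown"
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"


def severity_counts(records: list[CveRecord]) -> dict[str, int]:
    """Severity breakdown that never silently drops unscored records."""
    return dict(Counter(severity_bucket(r.cvss) for r in records))


def triage_key(rec: CveRecord):
    """Sort key: KEV first, then internet-exposed, then highest CVSS.
    Within a tier, unscored records sort after scored ones but are kept."""
    return (not rec.kev, not rec.internet_exposed, rec.cvss is None, -(rec.cvss or 0.0))


def triage(records: list[CveRecord]) -> list[CveRecord]:
    return sorted(records, key=triage_key)


# Constructed sample: CVSS/KEV values for the CVE IDs come from the watchlist in
# this brief; exposure flags and the two EXAMPLE-* records are made up.
SAMPLE = [
    CveRecord("CVE-2025-24085", 10.0, True, False),
    CveRecord("CVE-2026-3055", 9.8, True, True),
    CveRecord("CVE-2026-20963", 9.8, True, True),
    CveRecord("CVE-2025-54236", 9.1, True, False),
    CveRecord("EXAMPLE-HIGH-INTERNAL", 8.1, False, False),
    CveRecord("EXAMPLE-UNSCORED-EXPOSED", None, False, True),
]

if __name__ == "__main__":
    for prev, curr, label in [(1205, 1357, "Total CVEs"), (177, 252, "Unknown")]:
        d, p = wow_movement(prev, curr)
        print(f"{label}: {d:+d} (from {prev} to {curr}, {p:+.1f}%)")
    print(severity_counts(SAMPLE))
    for r in triage(SAMPLE):
        print(f"{r.cve_id:26} {severity_bucket(r.cvss):9} KEV={r.kev} exposed={r.internet_exposed}")
```

The sort key encodes the brief's priorities as a tuple so the policy is auditable in one line: a KEV listing outranks any CVSS value, exposure outranks score within a tier, and an unscored record lands behind scored peers in its tier rather than disappearing. Two KEV entries with equal CVSS keep their feed order because Python's sort is stable.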

Top Vendors (30 Days)

All five vendors tie at one CVE each, so this list is alphabetical rather than ranked:

  • Aquasecurity: 1
  • Citrix: 1
  • Fortinet: 1
  • Google: 1
  • TrueConf: 1

Top Products (30 Days)

One CVE per product, listed alphabetically; the products pair one-to-one with the vendors above:

  • Client: 1
  • Dawn: 1
  • FortiClient EMS: 1
  • NetScaler: 1
  • Trivy: 1

Priority Watchlist (Top 10, ranked by CVSS; all entries are KEV-listed)

  • CVE-2025-24085 | CVSS: 10.0 | KEV: True | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS
  • CVE-2025-24201 | CVSS: 10.0 | KEV: True | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 1
  • CVE-2025-43300 | CVSS: 10.0 | KEV: True | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 a
  • CVE-2025-31200 | CVSS: 9.8 | KEV: True | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15
  • CVE-2025-31201 | CVSS: 9.8 | KEV: True | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18
  • CVE-2025-53521 | CVSS: 9.8 | KEV: True | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). No
  • CVE-2026-20963 | CVSS: 9.8 | KEV: True | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
  • CVE-2026-3055 | CVSS: 9.8 | KEV: True | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
  • CVE-2026-35616 | CVSS: 9.8 | KEV: True | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unau
  • CVE-2025-54236 | CVSS: 9.1 | KEV: True | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Vali

Generated via Bastion Codex pipeline at 2026-04-07T12:51:07.311258+00:00