Bastion Codex – Weekly Defender Brief (2026-06-10)
This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.
The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.
Bastion Codex – Weekly Defender Brief
Week of 2026-06-10
Executive Snapshot
- 0 CVEs observed in the last 7 days
- 0 Critical
- 0 High
- 0 KEV-listed vulnerabilities in last 30 days
Week-over-Week Movement
- Total CVEs: -2084 (from 2084 to 0, -100.0%)
- Critical: -146 (from 146 to 0, -100.0%)
- High: -724 (from 724 to 0, -100.0%)
- Medium: -627 (from 627 to 0, -100.0%)
- Low: -71 (from 71 to 0, -100.0%)
- Unknown: -516 (from 516 to 0, -100.0%)
Defender Takeaways
- Critical vulnerability volume is lower than typical baseline.
- No new KEV movement in the last 30 days.
Severity Breakdown (7 Days)
- Critical: 0
- High: 0
- Medium: 0
- Low: 0
- Unknown: 0
Top Vendors (30 Days)
Top Products (30 Days)
Priority Watchlist (Top 10)
- CVE-2021-31955 | CVSS: None | KEV: True | Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attack
- CVE-2019-0703 | CVSS: None | KEV: True | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to informat
- CVE-2015-1642 | CVSS: None | KEV: True | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
- CVE-2021-22204 | CVSS: None | KEV: True | Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing t
- CVE-2023-38203 | CVSS: None | KEV: True | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
- CVE-2020-8260 | CVSS: None | KEV: True | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolle
- CVE-2024-51567 | CVSS: None | KEV: True | CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as roo
- CVE-2022-21971 | CVSS: None | KEV: True | Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
- CVE-2025-52691 | CVSS: None | KEV: True | SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attac
- CVE-2025-66644 | CVSS: None | KEV: True | Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Generated via Bastion Codex pipeline at 2026-06-10T23:06:53.953423+00:00