Bastion Codex – Weekly Defender Brief (2026-06-15)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Bastion Codex – Weekly Defender Brief

Week of 2026-06-15

Executive Snapshot

  • 1952 CVEs observed in the last 7 days
  • 164 Critical
  • 814 High
  • 8 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: 1952 (from 0 to 1952, n/a)
  • Critical: 164 (from 0 to 164, n/a)
  • High: 814 (from 0 to 814, n/a)
  • Medium: 655 (from 0 to 655, n/a)
  • Low: 50 (from 0 to 50, n/a)
  • Unknown: 269 (from 0 to 269, n/a)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 164
  • High: 814
  • Medium: 655
  • Low: 50
  • Unknown: 269

Top Vendors (30 Days)

  • Cisco: 2
  • Arista: 1
  • Check Point: 1
  • Google: 1
  • Ivanti: 1
  • LiteSpeed: 1
  • Oracle: 1

Top Products (30 Days)

  • Catalyst SD-WAN Manager: 2
  • Chromium V8: 1
  • Extensible Operating System: 1
  • PeopleSoft Enterprise PeopleTools: 1
  • Security Gateway: 1
  • Sentry: 1
  • cPanel Plugin: 1

Priority Watchlist (Top 10)

  • CVE-2026-10520 | CVSS: 10.0 | KEV: True | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user
  • CVE-2018-1273 | CVSS: 9.8 | KEV: True | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerabilit
  • CVE-2025-59718 | CVSS: 9.8 | KEV: True | A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, Forti
  • CVE-2026-24858 | CVSS: 9.8 | KEV: True | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.
  • CVE-2026-35273 | CVSS: 9.8 | KEV: True | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported v
  • CVE-2026-50751 | CVSS: 9.3 | KEV: True | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated r
  • CVE-2026-0257 | CVSS: 9.1 | KEV: True | Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to
  • CVE-2026-42271 | CVSS: 8.8 | KEV: True | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endp
  • CVE-2026-11645 | CVSS: 8.8 | KEV: True | Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a san
  • CVE-2026-54420 | CVSS: 8.5 | KEV: True | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP

Generated via Bastion Codex pipeline at 2026-06-15T22:29:19.191053+00:00