Bastion Codex – Weekly Defender Brief (2026-07-14)
This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.
The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.
Bastion Codex – Weekly Defender Brief
Week of 2026-07-14
Executive Snapshot
- 1645 CVEs observed in the last 7 days
- 115 Critical
- 596 High
- 6 KEV-listed vulnerabilities in last 30 days
Week-over-Week Movement
- Total CVEs: -149 (from 1794 to 1645, -8.3%)
- Critical: -80 (from 195 to 115, -41.0%)
- High: -2 (from 598 to 596, -0.3%)
- Medium: -24 (from 677 to 653, -3.5%)
- Low: 13 (from 59 to 72, 22.0%)
- Unknown: -56 (from 265 to 209, -21.1%)
Defender Takeaways
- Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
- Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
- High severity volume suggests increased patch workload. Focus on internet-exposed services first.
Severity Breakdown (7 Days)
- Critical: 115
- High: 596
- Medium: 653
- Low: 72
- Unknown: 209
Top Vendors (30 Days)
- Adobe: 1
- Balbooa: 1
- JoomShaper: 1
- Joomlack: 1
- Langflow: 1
- iCagenda: 1
Top Products (30 Days)
- ColdFusion: 1
- Forms: 1
- Langflow: 1
- Page Builder: 1
- SP Page Builder: 1
- iCagenda: 1
Priority Watchlist (Top 10)
- CVE-2024-1212 | CVSS: 10.0 | KEV: True | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execut
- CVE-2026-48282 | CVSS: 10.0 | KEV: True | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traver
- CVE-2021-42237 | CVSS: 9.8 | KEV: True | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achi
- CVE-2022-26258 | CVSS: 9.8 | KEV: True | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
- CVE-2024-55591 | CVSS: 9.8 | KEV: True | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and Forti
- CVE-2025-67038 | CVSS: 9.8 | KEV: True | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user’s authanticatio
- CVE-2026-48908 | CVSS: 9.8 | KEV: True | A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and
- CVE-2026-48939 | CVSS: 9.8 | KEV: True | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulti
- CVE-2026-56290 | CVSS: 9.8 | KEV: True | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and le
- CVE-2026-56291 | CVSS: 9.8 | KEV: True | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and lead
Generated via Bastion Codex pipeline at 2026-07-14T00:51:38.127082+00:00