Bastion Codex – Weekly Defender Brief (2026-07-14)


This weekly defender brief summarizes vulnerability movement observed over the past 7 and 30 days.

The goal is simple: highlight signal that matters to frontline defenders — patch workload pressure, severity shifts, and KEV movement.


Bastion Codex – Weekly Defender Brief

Week of 2026-07-14

Executive Snapshot

  • 1645 CVEs observed in the last 7 days
  • 115 Critical
  • 596 High
  • 6 KEV-listed vulnerabilities in last 30 days

Week-over-Week Movement

  • Total CVEs: -149 (from 1794 to 1645, -8.3%)
  • Critical: -80 (from 195 to 115, -41.0%)
  • High: -2 (from 598 to 596, -0.3%)
  • Medium: -24 (from 677 to 653, -3.5%)
  • Low: 13 (from 59 to 72, 22.0%)
  • Unknown: -56 (from 265 to 209, -21.1%)

Defender Takeaways

  • Elevated volume of Critical vulnerabilities this week. Prioritize external-facing asset review.
  • Recently added KEV vulnerabilities detected. Review CISA remediation timelines.
  • High severity volume suggests increased patch workload. Focus on internet-exposed services first.

Severity Breakdown (7 Days)

  • Critical: 115
  • High: 596
  • Medium: 653
  • Low: 72
  • Unknown: 209

Top Vendors (30 Days)

  • Adobe: 1
  • Balbooa: 1
  • JoomShaper: 1
  • Joomlack: 1
  • Langflow: 1
  • iCagenda: 1

Top Products (30 Days)

  • ColdFusion: 1
  • Forms: 1
  • Langflow: 1
  • Page Builder: 1
  • SP Page Builder: 1
  • iCagenda: 1

Priority Watchlist (Top 10)

  • CVE-2024-1212 | CVSS: 10.0 | KEV: True | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execut
  • CVE-2026-48282 | CVSS: 10.0 | KEV: True | ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traver
  • CVE-2021-42237 | CVSS: 9.8 | KEV: True | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achi
  • CVE-2022-26258 | CVSS: 9.8 | KEV: True | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
  • CVE-2024-55591 | CVSS: 9.8 | KEV: True | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and Forti
  • CVE-2025-67038 | CVSS: 9.8 | KEV: True | An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user’s authanticatio
  • CVE-2026-48908 | CVSS: 9.8 | KEV: True | A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and
  • CVE-2026-48939 | CVSS: 9.8 | KEV: True | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulti
  • CVE-2026-56290 | CVSS: 9.8 | KEV: True | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and le
  • CVE-2026-56291 | CVSS: 9.8 | KEV: True | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and lead

Generated via Bastion Codex pipeline at 2026-07-14T00:51:38.127082+00:00