Worst thing seems that verbatim does not even react to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2838... and continues to sell those as secure.