https://www.bleepingcomputer.com/news/security/over-29-000-qnap-devices-vulnerable-to-code-injection-attacks/

Tens of thousands of QNAP network-attached storage (NAS) devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday.

Remote threat actors can exploit this SQL injection vulnerability (CVE-2022-27596) to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices.