CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

EUVD-2025-115896

Malicious code in bulma-chalk-rate-limiter-hapi npm...

EUVD-2019-0257

Malware in sbrugna...

EUVD-2018-0216

Malware in sbrugna...

EUVD-2018-0581

Malware in sbrugna...

Hapi Denial of Service Vulnerability

Hapi is a server framework for Node.js. The framework supports input validation, caching, and authentication. A security vulnerability exists in Hapi versions 15.0.0 through 16.1.0. An attacker can exploit the vulnerability to cause hapi to crash or the client connection to hang...

hapi node module security restriction vulnerability

The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.4. An attacker can exploit the vulnerability to override a higher security restriction...

hapi node module denial of service vulnerability

The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.3. An attacker exploits the vulnerability to cause a denial of service socket exhaustion wi...

CVE-2016-10543

call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...

Design/Logic Flaw

call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...

CVE-2016-10543

call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...

PT-2014-1372 · Adobe +4 · Flash Player +6

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 13.0.0.231 Adobe Flash Player versions 14.x prior to 14.0.0.145 Adobe AIR versions prior to 14.0.0.137 Adobe AIR SDK versions prior to 14.0.0.137 Adobe AIR SDK & Compiler versions prior to 14.0.0.137 hapi...