CVE-2026-35213

Versions sourced from the GitHub Security Advisory.

• Content Project/Content

  cpe:2.3:a:content_project:content:*:*:*:*:*:node.js:*:*

  Range: <6.0.1

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• github.com/hapijs/content/pull/38nvdIssue TrackingPatchWEB
• github.com/advisories/GHSA-jg4p-7fhp-p32pghsaADVISORY
• github.com/hapijs/content/security/advisories/GHSA-jg4p-7fhp-p32pnvdVendor AdvisoryWEB
• nvd.nist.gov/vuln/detail/CVE-2026-35213ghsaADVISORY

• Microsoft rejects critical Azure vulnerability report, no CVE issued
  BleepingComputer · May 16, 2026
• Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
  The Hacker News · May 16, 2026
• Russian hackers turn Kazuar backdoor into modular P2P botnet
  BleepingComputer · May 16, 2026
• Metasploit Wrap-Up 05/15/2026
  Rapid7 Blog · May 15, 2026
• Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
  The Hacker News · May 15, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 20
  SentinelOne Labs · May 15, 2026
• Meta’s confusing new approach to chat privacy
  Malwarebytes Labs · May 15, 2026
• MPs want social media treated more like unsafe toys than harmless apps
  The Register Security · May 15, 2026
• Deepfake detection is losing ground to generative models
  Help Net Security · May 15, 2026
• CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
  Rapid7 Blog · May 14, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
  Wordfence Blog · May 14, 2026
• CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
  Rapid7 Blog · May 14, 2026
• Cofense adds AI-powered campaign detection to stop phishing attacks
  Help Net Security · May 14, 2026
• Why Malwarebytes blocks some Yahoo Mail redirects
  Malwarebytes Labs · May 14, 2026
• Vector embedding security gap exposes enterprise AI pipelines
  Help Net Security · May 14, 2026
• Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
  Dark Reading · May 13, 2026
• Rapid7 Partner Academy: Driving Impact with Gold Stevie Award-Winning Partner Services Certifications
  Rapid7 Blog · May 13, 2026
• Thus Spoke…The Gentlemen
  Check Point Research · May 13, 2026
• Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
  Cloudflare Blog · May 13, 2026
• Patch Tuesday - May 2026
  Rapid7 Blog · May 13, 2026
• 1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin
  Wordfence Blog · May 12, 2026
• State-sponsored actors, better known as the friends you don’t want
  Cisco Talos Intelligence · May 12, 2026
• Apple, Google drag cross-platform texting into the encrypted age
  The Register Security · May 12, 2026
• Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
  The Register Security · May 11, 2026
• Apple Patches Everything, (Mon, May 11th)
  SANS Internet Storm Center · May 11, 2026
• Instagram messaging encryption removed, and privacy advocates are pushing back
  Help Net Security · May 11, 2026
• Metasploit Wrap-Up 05/08/2026
  Rapid7 Blog · May 8, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)
  Wordfence Blog · May 7, 2026
• Massive AI investment scam network spans 15,500 domains
  Malwarebytes Labs · May 7, 2026
• If a fake moustache can fool age checks, is the Online Safety Act working?
  Malwarebytes Labs · May 7, 2026
• An Adaptive Cyber Analytics UI for Web Honeypot Logs &#x5b;Guest Diary&#x5d;, (Wed, May 6th)
  SANS Internet Storm Center · May 7, 2026
• Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin
  Wordfence Blog · May 6, 2026
• Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
  Rapid7 Blog · May 6, 2026
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
  Malwarebytes Labs · May 6, 2026
• Insights into the clustering and reuse of phone numbers in scam emails
  Cisco Talos Intelligence · May 6, 2026
• Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
  Wordfence Blog · May 5, 2026
• MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
  The Hacker News · May 5, 2026
• Update WhatsApp now: Two new flaws could expose you to malicious files
  Malwarebytes Labs · May 5, 2026
• Kids say they can beat age checks by drawing on a fake mustache
  The Register Security · May 4, 2026
• Kids say they can beat age checks by drawing on a fake mustache
  The Register Security · May 4, 2026
• 4th May – Threat Intelligence Report
  Check Point Research · May 4, 2026
• How Dark Reading Lifted Off the Launchpad in 2006
  Dark Reading · May 4, 2026
• Metasploit Wrap-Up 05/01/2026
  Rapid7 Blog · May 1, 2026
• Senate Judiciary advances bill that would bar minors from interacting with AI companions
  The Record · May 1, 2026
• Great responsibility, without great power
  Cisco Talos Intelligence · Apr 30, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026)
  Wordfence Blog · Apr 30, 2026
• Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do
  Malwarebytes Labs · Apr 30, 2026
• Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
  The Hacker News · Apr 30, 2026
• Danger of Libredtail &#x5b;Guest Diary&#x5d;, (Wed, Apr 29th)
  SANS Internet Storm Center · Apr 30, 2026
• Researchers built a chatbot that only knows the world before 1931
  Malwarebytes Labs · Apr 29, 2026