Rewrite url in .htaccess, dummy paths don't le

Published 2019-07-26 08:40

Question:

I have these custom .htaccess redirections:

# Enable mod_rewrite for this directory (needed once at the top of the file)
    RewriteEngine On
# Add a trailing slash to folders that don't have one
    RewriteCond %{REQUEST_URI}    !(/$|\.)
    RewriteRule (.*)              %{REQUEST_URI}/  [R=301,L]
# Exclude these folders from the rewrite process
    RewriteRule         ^(admin|ajax|cache|classes|css|img|webassist|js)($|/)  -  [L]
# Redirect root requests to the /home/ folder
    RewriteRule         ^(/home/)?$                    /home/index.php?nLang=it                              [NC,L]
# Start rewriting rules (the dot before "htm" is escaped so it only matches a literal dot)
    RewriteRule         ^risultati\.htm$               /home/results.php                                     [NC,L,QSA]
    RewriteRule         ^sfogliabile/(.*)\.htm$        /flip/browser.php?iCat=$1                             [NC,L]
    RewriteRule         ^depliant/(.*)\.htm$           /flip/flyer.php?iSpecial=$1                           [NC,L]
    RewriteRule         ^(.*)/ricerca/$                /ricerca/index.php?nLang=$1                           [NC,L,QSA]
    RewriteRule         ^(.*)/professional/$           /home/pro.php?nLang=$1                                [NC,L]
    RewriteRule         ^(.*)/3/(.*)/$                 /products/index.php?nLang=$1&iModule=3                [NC,L]
    RewriteRule         ^(.*)/3/(.*)/(.*)/(.*)\.htm$   /products/details.php?nLang=$1&iData=$3&iModule=3     [NC,L]
    RewriteRule         ^(.*)/4/(.*)/$                 /foreground/index.php?nLang=$1&iModule=4              [NC,L]
    RewriteRule         ^(.*)/4/(.*)/(.*)/(.*)\.htm$   /foreground/details.php?nLang=$1&iData=$3&iModule=4   [NC,L]
    RewriteRule         ^(.*)/5/(.*)/$                 /specials/index.php?nLang=$1&iModule=5                [NC,L]
    RewriteRule         ^(.*)/5/(.*)/(.*)/(.*)\.htm$   /specials/details.php?nLang=$1&iData=$3&iModule=5     [NC,L]
    RewriteRule         ^(.*)/6/(.*)/$                 /gallery/index.php?nLang=$1&iModule=6                 [NC,L]
    RewriteRule         ^(.*)/6/(.*)/(.*)/(.*)\.htm$   /gallery/details.php?nLang=$1&iData=$3&iModule=6      [NC,L]
    RewriteRule         ^(.*)/(.*)/(.*)/(.*)\.htm$     /home/page.php?nLang=$1&iData=$3                      [NC,L,QSA]
# Catch-all: anything else ending in a slash is treated as a language folder
    RewriteRule         ^(.*)/$                        /home/index.php?nLang=$1                              [NC,L]

It works pretty well for all the pages, except when I type in some non-existing paths like:

/it/dummy/
/it/dummy/dummy/
/it/dummy/dummy/dummy/
etc...

Instead of a 404 error page, I get a page exposing PHP warnings and notices about missing variables and include files, which could lead to security problems and malicious attacks.

I tried several things to get a RegExp that works with such paths (so I can redirect the user to the 404 page), but no luck. Please, can you help me? Thanks in advance.

Answer 1:

Change your last rule to this:

# If the request is not for a valid directory
RewriteCond %{REQUEST_FILENAME} !-d
# If the request is not for a valid file
RewriteCond %{REQUEST_FILENAME} !-f
# Only a plain language code (letters only, no further path segments) reaches index.php
RewriteRule ^([a-z]+)/$  home/index.php?nLang=$1  [L,QSA,NC]

That way it will only handle the language parameter, e.g. /it/ or /en/, but will let other URLs, e.g. /it/dummy/, go to the 404 handler.

Answer 2:

At least your last rule,

RewriteRule         ^(.*)/$                      /home/index.php?nLang=$1

sends all requests to /home/index.php, and I suppose this script is the source of the warnings you get.

Since you have such a rule, presumably you actually want non-existing files to go to this script. It wouldn't help, then, to prevent calling the script, because Apache couldn't know which URLs will work and which won't.

So you need to check for missing parameters or include files in your PHP script. This is especially reasonable because, as you already mentioned, you never know what parameters attackers might send. A general rule of thumb is to check all parameters for validity before using them.

After you have added all these checks, it is good practice to switch off error display (there is a php.ini entry for that, display_errors) and only log errors to a file (another entry, log_errors) on a production system.
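A server-side counterpart to the advice in this answer, added here as an example; it is not the original poster's code and not part of either answer. It shows what the top of a script such as /products/details.php could look like once the parameters injected by the rewrite rules (nLang, iData, iModule) are validated before use, and it carries the php.ini settings as comments. It assumes a site with the languages 'it' and 'en', modules 3 to 6 as in the rules, positive-integer content IDs, and a templates/ folder with a 404.php page next to the script; none of those details come from the page. One caveat the example is built around: the .htaccess rules are not an access control, because any of the .php scripts can still be requested directly with an arbitrary query string, so the checks have to live in PHP regardless of how the rewrite rules are tightened.

```php
<?php
// Added example, not the original poster's code. Assumptions (not from the
// page): languages 'it' and 'en', modules 3-6, positive-integer IDs, and a
// 404 template at templates/404.php next to this file.
declare(strict_types=1);

// Production php.ini settings (set them in php.ini, not at runtime, so that
// even a parse error in this file is never shown to a visitor):
//   display_errors = Off
//   log_errors     = On
//   error_log      = /var/log/php/app.log
// The weak setting that produces the warning page described in the question:
//   display_errors = On

const ALLOWED_LANGS   = ['it', 'en'];
const ALLOWED_MODULES = [3, 4, 5, 6];

/**
 * Validated language code, or null when nLang is missing or not whitelisted.
 * The rule `^(.*)/$` puts arbitrary text such as "it/dummy/dummy" into nLang,
 * so an exact whitelist comparison is required rather than a format check.
 */
function validLang(array $query): ?string
{
    $lang = $query['nLang'] ?? null;
    return (is_string($lang) && in_array($lang, ALLOWED_LANGS, true)) ? $lang : null;
}

/**
 * A query value as a positive integer, optionally restricted to a whitelist,
 * or null when absent or malformed. filter_var rejects "", "12abc", "1e3",
 * negative numbers and arrays.
 */
function validPositiveInt(array $query, string $name, ?array $allowed = null): ?int
{
    if (!isset($query[$name]) || is_array($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($value === false) {
        return null;
    }
    return ($allowed === null || in_array($value, $allowed, true)) ? $value : null;
}

/** Send a real 404 status and stop; never fall through to a half-rendered page. */
function notFound(): void
{
    http_response_code(404);
    // Only include a file we control; never build an include path from input.
    require __DIR__ . '/templates/404.php';
    exit;
}

// --- entry point, e.g. the top of /products/details.php -------------------
// The .htaccess rules are not an access control: this script can be requested
// directly with any query string, so every parameter is validated here.
$lang   = validLang($_GET);
$module = validPositiveInt($_GET, 'iModule', ALLOWED_MODULES);
$data   = validPositiveInt($_GET, 'iData');

if ($lang === null || $module === null || $data === null) {
    notFound();
}

// From here on $lang, $module and $data are known-good values. The template
// is chosen from a fixed map keyed by the validated module number, so no
// request can select an arbitrary include path.
$templates = [
    3 => 'products_details.php',
    4 => 'foreground_details.php',
    5 => 'specials_details.php',
    6 => 'gallery_details.php',
];
require __DIR__ . '/templates/' . $templates[$module];
```

With this in place a request for /it/dummy/dummy/dummy/ that reaches the script still fails validLang (nLang would be "it/dummy/dummy") and gets a 404 with no PHP notices, whether or not the rewrite rule from Answer 1 is applied; the two fixes complement each other, since the rewrite rule keeps junk paths out of the script and the PHP checks cover direct requests to the .php files.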