VDB
GCVE-110-NCSC-2026-74
GCVE-110-NCSC-2026-74
Advisory PublishedCVSS 6.5/10
MmsProvider.java contains a path traversal vulnerability enabling arbitrary file deletion, potentially causing local denial of service in telephony, SMS, and MMS functions without user interaction or additional privileges.
Weaknesses (CWE)
CWE-319Cleartext Transmission of Sensitive InformationCWE-476NULL Pointer DereferenceCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-416Use After FreeCWE-617Reachable AssertionCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-366Race Condition within a ThreadCWE-457Use of Uninitialized VariableCWE-749Exposed Dangerous Method or FunctionCWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-1262Improper Access Control for Register InterfaceCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-126Buffer Over-readCWE-415Double FreeCWE-401Missing Release of Memory after Effective LifetimeCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-862Missing AuthorizationCWE-441Unintended Proxy or Intermediary ('Confused Deputy')CWE-59Improper Link Resolution Before File Access ('Link Following')CWE-20Improper Input ValidationCWE-770Allocation of Resources Without Limits or ThrottlingCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-190Integer Overflow or WraparoundCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-639Authorization Bypass Through User-Controlled KeyCWE-280Improper Handling of Insufficient Permissions or Privileges
Risk Scores
CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| vers:unknown/* | — | — | |
| Samsung | vers:unknown/* | — | — |
Aliases
CVE-2024-43766CVE-2024-43859CVE-2025-10865CVE-2025-13952CVE-2025-20760CVE-2025-20761CVE-2025-20762CVE-2025-20793CVE-2025-20794CVE-2025-20795CVE-2025-2879CVE-2025-32313CVE-2025-38616CVE-2025-38618CVE-2025-39682CVE-2025-39946CVE-2025-40266CVE-2025-47339CVE-2025-47346CVE-2025-47348CVE-2025-47366CVE-2025-47378CVE-2025-47385CVE-2025-47388CVE-2025-47394CVE-2025-47395CVE-2025-47396CVE-2025-47397CVE-2025-47398CVE-2025-47402CVE-2025-48544CVE-2025-48567CVE-2025-48568CVE-2025-48574CVE-2025-48577CVE-2025-48578CVE-2025-48579CVE-2025-48582CVE-2025-48585CVE-2025-48587CVE-2025-48602CVE-2025-48605CVE-2025-48609CVE-2025-48613CVE-2025-48619CVE-2025-48630CVE-2025-48631CVE-2025-48634CVE-2025-48635CVE-2025-48641CVE-2025-48642CVE-2025-48644CVE-2025-48645CVE-2025-48646CVE-2025-48650CVE-2025-48653CVE-2025-48654CVE-2025-58407CVE-2025-58408CVE-2025-58409CVE-2025-58411CVE-2025-59600CVE-2025-64783CVE-2025-64784CVE-2025-64893CVE-2025-69278CVE-2025-69279CVE-2026-0005CVE-2026-0006CVE-2026-0007CVE-2026-0008CVE-2026-0010CVE-2026-0011CVE-2026-0012CVE-2026-0013CVE-2026-0014CVE-2026-0015CVE-2026-0017CVE-2026-0020CVE-2026-0021CVE-2026-0023CVE-2026-0024CVE-2026-0025CVE-2026-0026CVE-2026-0027CVE-2026-0028CVE-2026-0029CVE-2026-0030CVE-2026-0031CVE-2026-0032CVE-2026-0034CVE-2026-0035CVE-2026-0037CVE-2026-0038CVE-2026-0047CVE-2026-20401CVE-2026-20402CVE-2026-20403CVE-2026-20404CVE-2026-20405CVE-2026-20406CVE-2026-20420CVE-2026-20421CVE-2026-20422CVE-2026-20425CVE-2026-20426CVE-2026-20427CVE-2026-20428CVE-2026-20434CVE-2026-20988CVE-2026-20989CVE-2026-20990CVE-2026-20991CVE-2026-20992CVE-2026-21385CVE-2026-21735
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.