CVE-2025-10854 — The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it do — CVE Database · The Intelligence Room