1. Hermes CLI Path Traversal Vulnerability: Malicious Archives Could Overwrite System Files
A critical path traversal vulnerability in the Hermes CLI tool's profile archive extraction has been identified and patched. The flaw, a classic 'zip slip' attack vector, allowed a maliciously crafted `.tar.gz` archive to write files outside the intended destination directory. This created a direct risk where an attack...