Spamming emergency services
Decades ago, I worked for a company in the UK (probably now absorbed and/or defunct) that wrote outbound dialler software. The user would provide it with a list of numbers to call and then it would take a number from the queue and attempt to dial it. If the call wasn't picked up, the number would be put on the retry queue for later. Relatively simple stuff.
The problem was this: when the number was taken from the queue, we'd put the configured outside line prefix (usually a '9') on the front before dialling. Then, if the call wasn't picked up, *that* number (including the 9) would be put on the retry queue. When we grabbed a number from the retry queue, we'd put the outside line prefix on it -- again.
As I'm sure you've worked out by now, after a few attempts, every number in the retry queue would start with '999', which would have resulted in us spamming UK emergency services with calls as fast as we could dial them (which, in the end, depended on how many external lines were connected to the switch).
Fortunately, we discovered this bug in pretty short order, while we were still developing against the test switch, and before it had any real outside lines connected to it. It got fixed before the end of the day, and the engineer responsible had a good story to tell in the pub after work (and had to buy the first round, obviously).