A couple of weeks back I found a possible exploit in the Polygon Miden VM internals. Today a friend of mine managed to turn it into an actual exploit.
https://github.com/0xPolygonMiden/miden-vm/issues/605
It seemed appropriate (and somewhat funnier) to convey the result first to the team in the form of an actual zero-knowledge proof before we set to fixing it.