It is sometimes shocking to see 10+ developers working on a fairly big project (online quiz). Missing data binding operations here and there, as a result, bunch of sql injections, which successfully led to the entire db full of questions and answers sitting on my desktop.

Vulnerabilities have been reported, took them 2 weeks to understand what happened and fix them.

Pretty sad :/