In non-technical terms if possible, how would these vulnerabilities impact an average user?
I’ll try to be the devil’s advocate and justify Apple’s decision.
The vast majority of attacks against Apple users fall into two categories: targeted attacks and opportunistic ones.
Due to Apple's claims of security, its products are used by people who look for protection because they are targeted, like journalists, executives, diplomats and others. If you are targeted, you will be hacked. Jeff Bezos was hacked by opening a video file on his iPhone.
https://en.wikipedia.org/wiki/Jeff_Bezos_phone_hacking_incident
The second category of attacks comprises the ones that use known vulnerabilities or social engineering to install mostly adware on regular users. Mac users still install fake Adobe Flash Players and Apple is usually slow to react and can’t do much about it.
OSX/Adload: Mac Malware Apple Missed for Many Months
https://www.intego.com/mac-security-blog/osx-adload-mac-malware-apple-missed-for-many-months/
“Shlayer Trojan attacks one in ten macOS users”
https://securelist.com/shlayer-for-macos/95724/
IT threat evolution in Q1 2022. Non-mobile statistics
https://securelist.com/it-threat-evolution-in-q1-2022-non-mobile-statistics/106531/
Malware authors bypassing XProtect with two spaces in the script
The first category of attacks usually targets users with the most updated version of macOS/iOS. The second one is just fishing for anyone in order to make a few dollars (ransomware attacks on macOS are not in the top 20, as per Attacks on macOS in Q1 2022 above).
So, were Big Sur users vulnerable because Apple did not provide the necessary updates? They most certainly were.
But Apple probably considered the risk low because they were most likely not in the first category and the second category of bad people usually doesn’t bother to adapt their malware/adware with the latest vulnerability, if the old ones still work.
A presentation about Apple’s approach to macOS updates and upgrades: Joshua Long, Chief Security Analyst at Intego, "n-1 and n-2: Should we really trust in you?"