It depends on the type of vulnerability. Some can expose your computer to a rogue script on a dodgy website but, as far as I understand, all of those on ssllabs are about SSL/TLS vulnerabilities. In other words, vulnerability to the man in the middle (MITM) attack.

It is easy to be targeted. Especially on a mobile device using WiFi. All you need is another device on the same network and eavesdrop on your traffic. This might be trickier on networks you are in charge of (such as at home), but easy on public networks or even at your workplace.

What is the worst thing they can do? Sure, installing malware would be about as bad as it can get but that is unlikely to happen through a MITM attack. It is more likely to simply sniff your traffic and hope to extract from it some sensitive info. If you can avoid it, do not do online banking (including eBay/Amazon/flight ticket etc purchase) on a public WiFi.