When Oracle stopped public updates for Java 7, it didn't mean bugs stopped being found. It simply meant that the patches for those bugs were no longer available to the general public. Security fixes are now locked behind a paid Oracle Long-Term Support (LTS) agreement.
A flaw in the WLS Security component that allowed for remote exploitation without authentication. java 7 update 80 vulnerabilities
Older versions of Java are particularly susceptible to side-channel attacks like speculative execution flaws. While these are often hardware-level issues, newer Java versions include software-level mitigations that Java 7u80 lacks. When Oracle stopped public updates for Java 7,
While Log4j is a library, many applications stuck on Java 7u80 use older, vulnerable versions of Log4j because they cannot upgrade to the newer, patched versions of the library which require Java 8 or higher. How to Secure Your Environment A flaw in the WLS Security component that
Some OpenJDK providers (like Azul or Red Hat) offer extended support for older Java versions, providing backported security patches that the public Oracle 7u80 release lacks.
Java's serialization mechanism has a long history of vulnerabilities. Attackers can craft malicious serialized objects that, when "unpacked" by the Java 7u80 runtime, trigger unauthorized actions or lead to a total system takeover.