Double Spend

1. scam

Spending the same coins in multiple competing blocks to defraud a payment.


A person sends a payment, then immediately afterwards sends another payment to themselves using the same coins.
For this to succeed, three things are typically needed: a mempool which is congested for a prolonged period, the presence of features which allow mempool transactions to be replaced (RBF), and time pressure that rules out waiting for a few block confirmations.

Congested mempools over a prolonged period of time can lead to not every miner having the same transactions in their mempools, which can make it possible for different miners to accept different transactions using the same coins (UTXO).

Features such as RBF can improve the user experience by un-sticking transactions, but they also allow transactions without confirmations to be double-spent if the merchant is careless and their wallet doesn't correctly detect that such features are in use.

Time pressure matters because on occasion blocks can take over an hour to confirm, and there isn't always an hour to spare when purchasing a small item. If the users are unable to wait for a confirmation, it opens the possibility of a double-spend happening after physical goods are exchanged.
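
As an added example (not part of the original glossary entry), this is the kind of check a merchant wallet could run before accepting an unconfirmed payment: it flags BIP125 replace-by-fee signalling and competing spends of the same UTXO. The transaction dict shape, the function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# BIP125: a transaction signals opt-in replaceability when any input has
# nSequence below 0xfffffffe (that is, less than 0xffffffff - 1).
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD

def signals_rbf(tx):
    """True if any input of tx carries a BIP125 opt-in sequence number."""
    return any(i["sequence"] <= MAX_BIP125_RBF_SEQUENCE for i in tx["inputs"])

def assess_unconfirmed(payment_txid, mempool):
    """Return the warning signs seen for an unconfirmed payment.

    mempool: unconfirmed transactions merged from the merchant's own nodes
    (assumed shape: {"txid", "inputs": [{"txid", "vout", "sequence"}]}).
    """
    by_id = {tx["txid"]: tx for tx in mempool}
    payment = by_id[payment_txid]
    reasons = []
    if signals_rbf(payment):
        reasons.append("signals-rbf")
    # If an unconfirmed direct parent is replaced, the payment is dropped too.
    for inp in payment["inputs"]:
        parent = by_id.get(inp["txid"])
        if parent is not None and signals_rbf(parent):
            reasons.append("unconfirmed-parent-signals-rbf:" + parent["txid"])
    # Two transactions spending the same outpoint (UTXO) cannot both confirm.
    spenders = defaultdict(set)
    for tx in mempool:
        for inp in tx["inputs"]:
            spenders[(inp["txid"], inp["vout"])].add(tx["txid"])
    for inp in payment["inputs"]:
        rivals = spenders[(inp["txid"], inp["vout"])] - {payment_txid}
        for rival in sorted(rivals):
            reasons.append("conflicting-spend:" + rival)
    return reasons

# Constructed sample data: "pay" and "back" both spend outpoint ("coin", 0).
SAMPLE_MEMPOOL = [
    {"txid": "pay", "inputs": [{"txid": "coin", "vout": 0, "sequence": 0xFFFFFFFD}]},
    {"txid": "back", "inputs": [{"txid": "coin", "vout": 0, "sequence": 0xFFFFFFFF}]},
    {"txid": "clean", "inputs": [{"txid": "other", "vout": 1, "sequence": 0xFFFFFFFE}]},
]
```

An empty result means no warning sign was observed, not that the payment is final: nodes that apply a full-RBF policy replace transactions regardless of the signal, so waiting for confirmations remains the firm check.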

miner collusion

A person sends a transaction to a merchant or exchange, then colludes with a large miner to send those coins to a different address, reorging a block or two if required.

If the attackers have a majority of the total network hash-rate, then they are able to double spend their coins, then later publish their malicious blocks containing transactions which double spend all the coins back to themselves.

This type of double spend attack takes a lot of resources and would likely destroy significant value of the chain it happened on, so it is only a concern when transactions deal with large values of low hash-rate coins. This is also a reason why exchanges require significantly more confirmations than is recommended for most transactions.
