There is no such thing as a double spending with confirmation. At any point in time, each chain should not have a scenario whereby the same inputs are being spent twice because that would violate protocol rules. The so-called one confirmation double spending that you might encounter would be when a longer chain supersedes another, where a transaction would belong to a stale chain and thereby abandoned.
Well, I would like to try to understand it in a more practical way as follows: I am a miner, or whoever I want to try to scam someone with a transaction that is confirmed once. How could I do it? Does it make sense what I am saying?
It's just that it's clear to me how you can try to scam someone with an unconfirmed transaction, with RBF enabled, as I commented before, but not this.