Ask a computer scientist the worst-case complexity of the Ford-Fulkerson algorithm1 with integral edge capacities, and you'll likely get the answer of O(E*|f|), where E is the number of edges in the graph, and |f| is the capacity of the maximum flow, f, that the algorithm seeks to find. Indeed, that would have been my answer, as well. Until I tried to exploit that worst-case behavior.
Recently, I have been developing Java programs containing algorithmic complexity vulnerabilities, in order to test vulnerability detection tools being developed. Ford-Fulkerson seemed a perfect example of an algorithm where inputs that produce worst-case behavior are relatively rare, yielding a denial-of-service vulnerability that is difficult to detect by fuzzing.
On each iteration, the algorithm finds a path from the source to the sink that has some additional capacity that hasn't already been used in previous iterations. This is called an augmenting path. This path may include backtracking along an edge that has some of its capacity already used.
A worst-case example is one with a small augmenting path. Such a graph would cause only small increments towards the maximum flow on each iteration. The figure below shows such a graph, the standard graph used when discussing the complexity of the algorithm.