A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL.
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Desktop client is vulnerable to a DLL injection vulnerability during the update process. The updater loads several DLLs from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as an administrator.
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privilege.
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.