Question in title. I would like to know if there are any issues with using Tor browser while running a VPN (in Windows 10, and just for normal browsing if that's relevant). My understanding is that as long as I'm only connecting to HTTPS, I'm protected from malicious Tor nodes. Is this correct?
You are incorrect sir, with tor you are safe from bad actors when connecting to .onion websites. HTTPS does not guarantee a lot through tor if your connecting through a malicious exit node. .onion is the only way to verify full end to end encryption with tor. This is a really good read for anyone interested in privacy and security.
https://www.whonix.org/wiki/Tor_Browser#Introduction
Also, your vpn will always be the first route of your relay while using tor, so they will know the traffic entering and exiting the guard node, I''m fairly sure of that at least. Somebody correct me if I'm wrong.
Also, consider never using tor on your host operating system. Like tor on windows, mac, or, linux. You are always safer using tails, whonix, or qubes. There are literally million dollar bug bounties being offered for tor exploits, zerodium for example is offering 1 million for a good exploit, then they can sell it to the highest bidder and keep it a secret. If you are not using some sort of protection like whonix or tails, you are really putting yourself at risk of deanonymization. When there is life changing money being offered to attack you, it is best to use the most secure ways to access tor. Money is a great motivator to attract as many attackers as possible to find exploits. Stay safe.
Please note I am not an expert on this subject, but I really love to learn as much as possible, and I am always trying to learn more. Take my advice with a grain of salt and do your own research.
Edit: didnt realize this post turned intosuch such a great security subject! Thanks for contributing, glad to have more users willing to discuss tis with.