I found the source of your error, and it's strange. Matt Graeber's function
Get-UefiDatabaseSignatures fails, because it thinks there's a X509 certificate stored in the dbxDefault variable (which is a factory default and cannot be updated, outside of a BIOS update).
The function aborts since .NET doesn't recognize the bytes as a valid certificate. But I can get back a SignatureOwner.
This signature
26dc4851-195f-4ae1-9a19-fbf883bbb35e belongs to the infamous AMI Test PK.
Let's roll back to the infamous "PK Fail" scandal... A number of major PC makers (Dell, HP, Lenovo) license the AMI BIOS. AMI provided a reference example of the BIOS code to the vendors, stamped "
DO NOT TRUST - AMI Test PK".
Obviously the magic words "DO NOT TRUST" and "Test PK" should have informed the vendors you shouldn't just copy the AMI example and roll it out as your own BIOS.
Guess what? They did, and a few years back some Windows security researchers discovered hundreds of PC models using some form of "DO NOT TRUST" or Test PK's. The security model for UEFI says every vendor should make their own unique Platform Keys, so an attacker has to break one PK at a time. If everyone uses the same key, then breaking it means you have exposed everyone using the same BIOS source.
Some vendors went back, and re-released their BIOS to include a distinct vendor key (no more "DO NOT TRUST"). And other vendors never acknowledged the problem by offering a newer BIOS.
I have no idea why your dbxDefault looks corrupted. But I would suggest trying to reflash the last released BIOS on it again.
Full Permissions) while all other access classes only have (Read-Execute Permission). 
