"Just AES encrypted" is a pretty limited way of looking at things. AES offers plenty of ways to screw things up, off the top of my head with my limited cryptographic knowledge: how do you do random number generation? How do you deal with password-based key derivation? Is it resistant to GPU bruteforcing? Did you pick a good mode of operation for the use case and are you properly managing IVs? Do you authenticate encrypted data?

As far as I'm aware the newest KeePass format seems to do these things well (they switched from a custom AES-based KDF to using Argon2 recently), but I'm not sure if KeePass XC does the same and I'm certainly not qualified to review these things perfectly myself.