You should check the update manager logs. You said the baseline you're using is fixed. Is that baseline including the new patches, or just the older ones? It would make sense that your server is not seeing any new updates if it does not include the new patches in the baseline.
Otherwise, maybe you're having connectivity problems downloading the patch metadata info.
Our baseline does not yet have the new patches included. Update Manager logs look OK. All new patches have been downloaded and are included in the metadata files.
I suspect the following: the new patches make some previous patches obsolete. Even if the new patches are not included in the baseline, the host scan already takes this into account. I could try some more testing, but I need to modify the metadata for this.
This should not be the case. When a host is scanned, it should be scanned against the baseline it is attached to. In your case, since it is attached to a baseline which does not include the new patches, it should come back clean, as it does. Attach the new baseline, with the new patches, and then rescan to see if the host comes back clean still. If it does, then that would be a problem.